I have a program that captures bad page requests and sends an email informing me of the request. Over the years, I have been able to take the majority of those requests and redirect them to a discontinued page. This works great except when the hackers insert entity codes in the url.